Architecture

Log360 architecture

Log360 is a comprehensive security information and event management (SIEM) solution that helps you proactively thwart both insider and external attacks; spot, resolve, and contain security threats; and prove your adherence to compliance mandates. It does this by seamlessly integrating components and modules such as log management, Active Directory (AD) auditing, Exchange Server monitoring, cloud infrastructure reporting, and much more.

This seamlessly integrated solution combines the capabilities of ADAudit Plus, EventLog Analyzer, O365 Manager Plus, Exchange Reporter Plus, and Cloud Security Plus. With Log360, you can gain complete control over your network and audit AD changes, network device logs, Microsoft Exchange Servers, Microsoft Exchange Online, Azure Active Directory, and your public cloud infrastructure, all from a single console.

  • ADAudit Plus

    ManageEngine ADAudit Plus is an IT security and compliance solution. With over 200 event-specific reports and real-time email alerts, it provides in-depth knowledge about changes made to both the content and configuration of Active Directory, Azure AD, and Windows servers.

  • EventLog Analyzer

    EventLog Analyzer is a log management and IT compliance solution for your enterprise. It is web-based, and employs both agentless and agent-based mechanisms to collect logs from varied log sources across your network. It also provides you with in-depth reports, alerts, and security analyses.

  • Exchange Reporter Plus

    ManageEngine Exchange Reporter Plus is a comprehensive web-based analysis and reporting solution for Microsoft Exchange Servers. This reporting solution provides over 100 different reports on every aspect of the Microsoft Exchange Server environment.

  • O365 Manager Plus

    O365 Manager Plus is an extensive Office 365 tool used for reporting, managing, monitoring, auditing, and creating alerts for critical activities. With its user-friendly interface, you can easily manage Exchange Online, Azure Active Directory, Skype for Business, OneDrive for Business, Microsoft Teams, and other Office 365 services all from one place.

  • Cloud Security Plus

    Cloud Security Plus combats security concerns and protects your cloud. It gives complete visibility into both your Amazon Web Services (AWS) and Azure cloud infrastructures. The comprehensive reports, easy search mechanism, and customizable alert profiles enable you to track, analyze, and react to events happening in your cloud environments, ensuring your business runs smoothly in a secure and protected cloud.

  • ADManager Plus

    ADManager Plus is a web-based Windows Active Directory (AD), Office 365, and Exchange management and reporting solution that helps AD administrators and help desk technicians in their day-to-day activities.

Capabilities of Log360

Log360 is capable of performing the following functions:

  • Log collection

    Log360's EventLog Analyzer component can collect logs from multiple log sources such as firewalls, Windows systems, Unix/Linux systems, applications, databases, routers, switches, and intrusion detection systems (IDS)/intrusion prevention systems (IPS).

  • Log security analytics

    Log360 can analyze Windows event logs and many other log formats, and its custom log parser can parse any log format. Log360's correlation engine helps you identify defined attack patterns within your logs efficiently. It also provides real-time alerts and intuitive reports that help you take timely action to mitigate the impact of attacks. Log360 is also integrated with the ITIL® tools ServiceNow and ManageEngine ServiceDesk Plus to align IT services with the needs of the business. Its search engine lets you search through logs seamlessly, irrespective of the volume of data.

  • Incident management

    Log360 enables you to handle incidents efficiently by automatically assigning tickets to your technicians or administrators as soon as alerts are triggered. It also comes with threat intelligence capabilities that can identify attacks based on patterns and generate real-time alerts. Log360 also provides an option to design customized workflows to mitigate the impact of an attack. It is empowered with machine learning and script execution, ensuring end-to-end incident management.

  • Log archival

    Log360 automatically archives all event logs and syslogs collected from Windows and UNIX devices, routers, switches, and other syslog devices. The event log archive is invaluable for forensic analysis and for determining performance and usage statistics for a device. The archived log data is encrypted and time stamped to ensure that the archive data files are tamper-proof. The default log compression period is seven days, and it can be customized according to the needs of the organization. Archiving can also be disabled entirely, though this isn't recommended.

  • User and entity behavior analytics (UEBA)

    Log360's UEBA engine analyzes logs from different sources, including firewalls, routers, workstations, databases, and file servers. Any deviation from normal behavior is classified as a time, count, or pattern anomaly. It then gives actionable insights to the IT administrator through risk scores, anomaly trends, and intuitive reports.
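As an added illustration (not Log360's own code, baseline logic or scoring), here is a small Python model of the three anomaly classes named above: a per-user baseline is built from historical events, then new events are checked for time, count and pattern deviations and given a weighted risk score. The event tuples, the weights and the 2x count threshold are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (user, ISO timestamp, action); not real Log360 data.
BASELINE = [
    ("alice", "2024-03-01T09:05:00", "logon"), ("alice", "2024-03-01T09:30:00", "file_read"),
    ("alice", "2024-03-02T09:10:00", "logon"), ("alice", "2024-03-02T10:00:00", "file_read"),
    ("alice", "2024-03-03T08:55:00", "logon"), ("alice", "2024-03-03T09:20:00", "file_read"),
]
OBSERVED = [
    ("alice", "2024-03-04T02:15:00", "logon"),           # unusual hour -> time anomaly
    ("alice", "2024-03-04T02:16:00", "file_read"),
    ("alice", "2024-03-04T02:17:00", "file_read"),
    ("alice", "2024-03-04T02:18:00", "file_read"),
    ("alice", "2024-03-04T02:19:00", "file_read"),       # 6 events/day vs 2 -> count anomaly
    ("alice", "2024-03-04T02:20:00", "priv_escalate"),   # never-seen action -> pattern anomaly
]

# Assumed scoring weights for this example only; Log360's real weighting is not documented here.
WEIGHTS = {"time": 20, "count": 30, "pattern": 50}


def _group(events):
    per_user = defaultdict(list)
    for user, ts, action in events:
        per_user[user].append((ts, action))
    return per_user


def build_profile(events):
    """Per-user baseline: hours of day seen, mean events per day, and known actions."""
    profile = {}
    for user, evs in _group(events).items():
        days = {ts[:10] for ts, _ in evs}
        profile[user] = {"hours": {datetime.fromisoformat(ts).hour for ts, _ in evs},
                         "per_day": len(evs) / len(days),
                         "actions": {a for _, a in evs}}
    return profile


def classify(profile, events, count_factor=2.0):
    """Return {user: (sorted anomaly kinds, risk score)} for the observed events."""
    empty = {"hours": set(), "per_day": 0.0, "actions": set()}  # unknown user: everything is new
    result = {}
    for user, evs in _group(events).items():
        base = profile.get(user, empty)
        days = {ts[:10] for ts, _ in evs}
        kinds = set()
        if any(datetime.fromisoformat(ts).hour not in base["hours"] for ts, _ in evs):
            kinds.add("time")      # activity at an hour never seen in the baseline
        if len(evs) / len(days) > count_factor * base["per_day"]:
            kinds.add("count")     # daily volume well above the user's mean
        if any(a not in base["actions"] for _, a in evs):
            kinds.add("pattern")   # an action this user has never performed before
        result[user] = (sorted(kinds), sum(WEIGHTS[k] for k in kinds))
    return result
```

Running `classify(build_profile(BASELINE), OBSERVED)` flags all three anomaly kinds for alice with a risk score of 100, while a single 09:00 logon on a new day produces no anomaly at all.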

Figure: Log360 architecture diagram